Blogs & Stories

SpiderLabs Blog

Attracting more than a half-million annual readers, this is the security community's go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

Microsoft Advance Notification for May 2013

There will be ten bulletins released by Microsoft nextTuesday and one of those should be for the recent Internet Explorer zero-daydiscovered earlier this week. Buletin 2should cover the remote code execution of the IE-8 0day while Bulletin 1 willalso cover RCE in IE 6 thru 10. Wesuspect Bulletin 1 will fix the issue discovered during the PWN2OWN competitionat CanSecWest earlier this year.

Bulletins 3, 4, and 10 are in Windows itself including .NET.They are rated Important and cover Denial of Service, Spoofing and Elevation ofPrivilege vulnerabilities.

Bulletins 5, 6, and 7 are all rated Important and all three resultin remote code execution in parts of Microsoft Office. SpecificallyCommunicator and Lync, Publisher and Word in that order.

Bulletin 9 is also rated as Important and results inInformation Disclosure in Windows Essentials. Don't get confused with SecurityEssentials. Windows Essentials is a free software pack for Windows 7 thatincludes Mail, Movie Maker, Messenger and other useful apps that Microsoftgives away.

Related SpiderLabs Blogs